Skip to content

Update ADK doc according to issue #1587 - 13 #1609

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
adk-bot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update ADK doc according to issue #1587 - 13 #1609

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions docs/integrations/secret-manager.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
---
sidebar_label: Google Cloud Secret Manager
title: Google Cloud Secret Manager Integration
---

The ADK includes a built-in client for Google Cloud Secret Manager that simplifies retrieving secrets. This allows you to securely store and access sensitive information like API keys or other credentials required by your ADK tools.

The primary class for this integration is `SecretManagerClient`, which can be imported from `google.adk.integrations.secret_manager.secret_client`.

## Instantiating the Client

You can instantiate the `SecretManagerClient` in a few different ways, depending on your authentication needs.

### Using Application Default Credentials (ADC)

If your application is running in a Google Cloud environment (like Cloud Run or GKE) or you have configured the gcloud CLI locally with `gcloud auth application-default login`, you can instantiate the client without any arguments. It will automatically find the necessary credentials.

```python
from google.adk.integrations.secret_manager import secret_client

client = secret_client.SecretManagerClient()
```

### Using a Service Account

You can authenticate by passing the contents of a service account JSON key file as a string.

```python
from google.adk.integrations.secret_manager import secret_client
import json

# Assume 'service_account_dict' is a dictionary containing your service account key
service_account_json_string = json.dumps(service_account_dict)

client = secret_client.SecretManagerClient(
service_account_json=service_account_json_string
)
```

### Using an OAuth 2.0 Access Token

If you have a pre-existing OAuth 2.0 access token, you can use it to instantiate the client.

```python
from google.adk.integrations.secret_manager import secret_client

auth_token = "your-oauth2-access-token"

client = secret_client.SecretManagerClient(auth_token=auth_token)
```

## Retrieving a Secret

Once the client is instantiated, you can retrieve a secret by calling the `get_secret()` method. This method requires the full resource name of the secret version you wish to access.

The resource name has the following format:
`projects/your-gcp-project-id/secrets/your-secret-name/versions/your-secret-version`

Typically, you will want to retrieve the latest version of a secret, which can be specified using `latest`.

```python
# Assuming 'client' is an instantiated SecretManagerClient
resource_name = "projects/my-gcp-project/secrets/api-key/versions/latest"

try:
secret_value = client.get_secret(resource_name)
print(f"Successfully retrieved secret: {secret_value}")
except Exception as e:
print(f"Error retrieving secret: {e}")

# You can now use the secret_value with other ADK tools
# For example, passing it to a model's API key parameter
#
# from google.adk.models import some_model
#
# model = some_model.SomeModel(api_key=secret_value)

```
Loading